CLIT/006

IBS Center for Management Research

iPODs, PDAs, Smart Phones – The New Data Security Challenge

for Business Organizations
This caselet was written by Debapratim Purkayastha under the direction of Rajiv Fernando, IBS
Center for Management Research. It was compiled from published sources, and is intended to
be used as a basis for class discussion rather than to illustrate either effective or ineffective
handling of a management situation.

 2007, IBS Center for Management Research. All rights reserved.

To order copies, call +91 9640901313 or write to IBS Center for Management Research (ICMR), IFHE Campus, Donthanapally,
Sankarapally Road, Hyderabad 501 203, Andhra Pradesh, India or email: info@icmrindia.org

www.icmrindia.org

License to use for IBS Campuses only. Sem I, Class of 2014-16

 CLIT/006

iPODs, PDAs, Smart Phones – The New Data Security

Challenge for Business Organizations
In February, 2007, Prasanth Indulkar an employee of Videsh Sanchar Nigam Limited was arrested
on charges of industrial espionage. It was alleged that over the past several months he had been
transferring sensitive information to a senior executive in Reliance Communications through e-
mails and pen drives. Experts felt that such incidents of data theft by employees were nothing new
with the growing use and widespread availability of portable IT devices such as pen drives, PDAs,
etc.. They said that even popular gadgets like the iPod and other MP3 players, digital cameras, and
smart phones could easily be used to steal data by employees as these devices came with a plug-
and-play facility coupled with a large storage capability.
Data theft has emerged as a key challenge for all organizations, irrespective of size, industry
sector, and location. Companies operating in the IT and ITeS outsourcing sector have been among
the worst hit. For instance, in the mid 2000s, the reputation of India’s BPO sector suffered due to
incidents of employees stealing sensitive data. A Forrester Research report in 2005 had warned
that such incidents had the potential to curb the booming Indian BPO sector by 30%. Even non-IT
companies have woken up to the data security threat posed by portable IT / communication
devices. In 2005, a data security expert in the US, Abe Usher, first coined the term ‘pod slurping’
to describe the stealing of data through portable devices such as iPods, pen drives, etc. To put
forward his point devices like iPods posed a serious threat to data security, he developed a proof of
concept piece of software, Slurp.exe. When connected to the organization’s network, iPods loaded
with this software could automatically search and copy large quantity of corporate data on to the
iPod that had a 60 GB hard drive.
With most sensitive data now being stored in electronic format, such files were at the risk of being
‘slurped’ by unscrupulous employees. In addition to data theft, disgruntled employees could
publicize sensitive data to embarrass the organization or upload a virus and other malware into the
corporate network. Even honest employees could unwittingly upload a virus into the network
while connecting their devices to the network.
Experts noted that organizations which until now had focused on perimeter solutions like anti-
virus software and firewalls to protect their networks would have to contend with the potential
challenges posed by pod slurping. In addition to being a problem for security experts, pod slurping
also posed a HR dilemma as it was difficult to prevent employees from bringing these portable
devices to the workplace with many HR departments espousing the concept of ‘fun at work’.
Banning popular gadgets such as iPods could alienate the employees, and in many cases it was
practically impossible to put a blanket ban on portable storage devices as they were not only
ubiquitous but also very useful. Experts felt that there was a need for handling this issue very
carefully as too much monitoring or high-handedness on the organization’s part might hurt the
morale of the employees, breed disloyalty, and lower productivity.
Though some experts had rejected reports on pod slurping as mere hype, this had not stopped
many organizations from initiating steps to mitigate the potential risks. While some organizations
had taken drastic steps like banning electronic devices in the workplace, others opted for strong
policies regarding the use of such devices in the organization. A few other firms were trying out

License to use for IBS Campuses only. Sem I, Class of 2014-16

 iPODs, PDAs, Smart Phones – The New Data Security Challenge for …

new IT solutions available in the market to address the threat posed by portable IT devices.
However, experts felt that problems such as pod slurping would only grow in the near future with
the growing technological advancements in portable devices (such as wireless capability) and their
widespread use.
Cases on Related Topics:
1. A Report on Information Security and Data Privacy in the Indian BPO Industry
http://www.icmr.icfai.org/casestudies/catalogue/Business%20Reports/BREP035.htm
2. Procter & Gamble vs Unilever: A Case of Corporate Espionage
http://www.icmr.icfai.org/casestudies/catalogue/Business%20Ethics/Business%20Ethics%20-
%20Procter%20&%20Gamble%20vs%20Unilever% 20-%20Corporate%20Espionage.htm
3. Apple in 2005: Moving into the Mainstream?
http://www.icmr.icfai.org/casestudies/catalogue/Business%20Strategy3/ BSTA118.htm

License to use for IBS Campuses only. Sem I, Class of 2014-16